Initial Commit

core/__init_.py

@@ -0,0 +1,9 @@
+from flask import Blueprint, render_template
+
+
+core_bp = Blueprint("core", __name__)
+
+
+@core_bp.get("/")
+def home():
+return render_template("core/home.html")

core/__init__.py

@@ -0,0 +1,10 @@
+# /var/www/bennysboard/core/__init__.py
+from flask import Blueprint, render_template
+
+core_bp = Blueprint("core", __name__)
+
+@core_bp.get("/")
+def home():
+    # Renders /var/www/bennysboard/core/templates/core/home.html
+    return render_template("core/home.html")
+

core/auth.py

@@ -0,0 +1,127 @@
+# /var/www/bennysboard/core/auth.py
+import os
+import requests
+from functools import wraps
+from flask import Blueprint, render_template, request, redirect, url_for, session, flash
+from .models import db, User
+
+auth_bp = Blueprint("auth", __name__, template_folder="templates")
+
+# ---------- session helpers ----------
+def current_user():
+    uid = session.get("uid")
+    return User.query.get(uid) if uid else None
+
+def login_user(user: User):
+    session["uid"] = user.id
+    session.permanent = True
+
+def logout_user():
+    session.pop("uid", None)
+
+# ---------- decorators ----------
+def require_login(view):
+    @wraps(view)
+    def _wrap(*a, **k):
+        if not current_user():
+            return redirect(url_for("auth.login", next=request.path))
+        return view(*a, **k)
+    return _wrap
+
+def require_perms(*perms):
+    def deco(view):
+        @wraps(view)
+        def _wrap(*a, **k):
+            u = current_user()
+            if not u:
+                return redirect(url_for("auth.login", next=request.path))
+            if not any(u.has_perm(p) for p in perms):
+                flash("You don’t have permission to view that.", "error")
+                return redirect(url_for("core.home"))
+            return view(*a, **k)
+        return _wrap
+    return deco
+
+# ---------- local login ----------
+@auth_bp.get("/login")
+def login():
+    return render_template("core/login.html", next=request.args.get("next", "/"))
+
+@auth_bp.post("/login")
+def login_post():
+    username = request.form.get("username", "")
+    password = request.form.get("password", "")
+    nxt = request.form.get("next") or url_for("core.home")
+
+    u = User.query.filter((User.email == username) | (User.username == username)).first()
+    if not u or not u.check_password(password):
+        flash("Invalid credentials", "error")
+        return redirect(url_for("auth.login", next=nxt))
+
+    login_user(u)
+    return redirect(nxt)
+
+@auth_bp.post("/logout")
+@require_login
+def logout():
+    logout_user()
+    return redirect(url_for("auth.login"))
+
+# ---------- Discord OAuth (optional) ----------
+@auth_bp.get("/discord")
+def discord_start():
+    cid = os.getenv("DISCORD_CLIENT_ID", "")
+    redir = os.getenv("DISCORD_REDIRECT_URI", "http://localhost:5000/auth/discord/callback")
+    scope = "identify"
+    return redirect(
+        "https://discord.com/oauth2/authorize"
+        f"?client_id={cid}&response_type=code&redirect_uri={requests.utils.quote(redir)}&scope={scope}&prompt=none"
+    )
+
+@auth_bp.get("/discord/callback")
+def discord_cb():
+    code = request.args.get("code")
+    if not code:
+        flash("Discord login failed.", "error")
+        return redirect(url_for("auth.login"))
+
+    data = {
+        "client_id": os.getenv("DISCORD_CLIENT_ID"),
+        "client_secret": os.getenv("DISCORD_CLIENT_SECRET"),
+        "grant_type": "authorization_code",
+        "code": code,
+        "redirect_uri": os.getenv("DISCORD_REDIRECT_URI"),
+    }
+    tok = requests.post(
+        "https://discord.com/api/v10/oauth2/token",
+        data=data,
+        headers={"Content-Type": "application/x-www-form-urlencoded"},
+        timeout=10,
+    )
+    if tok.status_code != 200:
+        flash("Discord login failed.", "error")
+        return redirect(url_for("auth.login"))
+
+    access_token = tok.json().get("access_token")
+    me = requests.get(
+        "https://discord.com/api/v10/users/@me",
+        headers={"Authorization": f"Bearer {access_token}"},
+        timeout=10,
+    )
+    if me.status_code != 200:
+        flash("Discord login failed.", "error")
+        return redirect(url_for("auth.login"))
+
+    d = me.json()
+    discord_id = d["id"]
+    uname = d.get("global_name") or d.get("username") or f"user{discord_id[-4:]}"
+
+    u = User.query.filter_by(discord_id=discord_id).first()
+    if not u:
+        u = User(username=uname, discord_id=discord_id)
+        db.session.add(u)
+        db.session.commit()
+
+    login_user(u)
+    return redirect(url_for("core.home"))
+

core/models.py

@@ -0,0 +1,64 @@
+# /var/www/bennysboard/core/models.py
+from flask_sqlalchemy import SQLAlchemy
+from datetime import datetime
+from werkzeug.security import generate_password_hash, check_password_hash
+
+db = SQLAlchemy()
+
+user_roles = db.Table(
+    "user_roles",
+    db.Column("user_id", db.Integer, db.ForeignKey("users.id"), primary_key=True),
+    db.Column("role_id", db.Integer, db.ForeignKey("roles.id"), primary_key=True),
+)
+
+role_perms = db.Table(
+    "role_permissions",
+    db.Column("role_id", db.Integer, db.ForeignKey("roles.id"), primary_key=True),
+    db.Column("perm_id", db.Integer, db.ForeignKey("permissions.id"), primary_key=True),
+)
+
+
+class User(db.Model):
+    __tablename__ = "users"
+
+    id = db.Column(db.Integer, primary_key=True)
+    email = db.Column(db.String(255), unique=True, index=True)
+    username = db.Column(db.String(80), unique=True)
+    password_h = db.Column(db.String(255))          # nullable for Discord-only accounts
+    discord_id = db.Column(db.String(40), index=True)
+    is_active = db.Column(db.Boolean, default=True)
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+
+    roles = db.relationship("Role", secondary=user_roles, back_populates="users")
+
+    def set_password(self, raw: str) -> None:
+        self.password_h = generate_password_hash(raw)
+
+    def check_password(self, raw: str) -> bool:
+        return bool(self.password_h) and check_password_hash(self.password_h, raw)
+
+    def has_perm(self, code: str) -> bool:
+        return any(code in r.perm_codes() for r in self.roles)
+
+
+class Role(db.Model):
+    __tablename__ = "roles"
+
+    id = db.Column(db.Integer, primary_key=True)
+    name = db.Column(db.String(80), unique=True)
+
+    users = db.relationship("User", secondary=user_roles, back_populates="roles")
+    permissions = db.relationship("Permission", secondary=role_perms, back_populates="roles")
+
+    def perm_codes(self) -> set[str]:
+        return {p.code for p in self.permissions}
+
+
+class Permission(db.Model):
+    __tablename__ = "permissions"
+
+    id = db.Column(db.Integer, primary_key=True)
+    code = db.Column(db.String(120), unique=True, index=True)
+
+    roles = db.relationship("Role", secondary=role_perms, back_populates="permissions")
+

core/templates/core/base.html

@@ -0,0 +1,95 @@
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8" />
+
+  <!-- ✅ Viewport: prevent weird zoom/scaling on iOS -->
+  <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" />
+
+  <!-- iOS WebApp & theme tweaks -->
+  <meta name="apple-mobile-web-app-capable" content="yes" />
+  <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
+  <meta name="theme-color" content="#0b0d16" />
+
+  <title>{% block title %}Benny Portal{% endblock %}</title>
+
+  <!-- ✅ Tailwind -->
+  <script src="https://cdn.tailwindcss.com"></script>
+
+  <!-- ✅ Your custom styles -->
+  <link rel="stylesheet" href="{{ url_for('static', filename='app.css') }}" />
+
+  <style>
+    /* Fix Safari overscroll bounce & height issues */
+    html, body {
+      height: 100%;
+      margin: 0;
+      padding: 0;
+      -webkit-overflow-scrolling: touch;
+      overflow-x: hidden;
+      background-color: #0b0d16;
+    }
+
+header {
+  position: sticky;
+  top: 0;
+  z-index: 50;
+  padding-top: env(safe-area-inset-top, constant(safe-area-inset-top, 0));
+  background-color: rgba(0, 0, 0, 0.6);
+  backdrop-filter: blur(8px);
+}
+
+
+
+    main {
+      padding-bottom: 4rem; /* avoids cutoff on iPhone bottom bar */
+    }
+
+    /* Optional: mobile tweaks */
+    nav a {
+      padding: 0.5rem 0.75rem;
+      border-radius: 0.375rem;
+    }
+    nav a:hover {
+      background-color: rgba(255, 255, 255, 0.1);
+    }
+  </style>
+</head>
+
+<body class="bg-neutral-950 text-neutral-100 antialiased">
+
+  <header class="border-b border-white/10 bg-black/60 backdrop-blur">
+    <div class="max-w-7xl mx-auto px-4 py-3 flex items-center gap-4">
+      <a class="font-bold text-lg" href="/">Benny’s Portal</a>
+      <nav class="text-sm flex gap-3 overflow-x-auto whitespace-nowrap">
+        <a href="/board/">Intercom</a>
+        <a href="/quotes/">Quotes</a>
+        <a href="/publish/">Publish Once</a>
+        <a href="/memos/">Memos</a>
+      </nav>
+      <div class="ml-auto flex items-center gap-3">
+        {% if session.uid %}
+          <form method="post" action="{{ url_for('auth.logout') }}">
+            <button class="px-3 py-1.5 rounded-lg border border-white/20">Logout</button>
+          </form>
+        {% else %}
+          <a class="px-3 py-1.5 rounded-lg bg-accent text-black font-semibold" href="{{ url_for('auth.login') }}">Login</a>
+        {% endif %}
+      </div>
+    </div>
+  </header>
+
+  <main class="max-w-7xl mx-auto px-4 py-8">
+    {% with msgs = get_flashed_messages(with_categories=true) %}
+      {% for cat, m in msgs %}
+        <div class="mb-4 rounded border px-3 py-2 {{ 'border-emerald-400 bg-emerald-500/10' if cat=='ok' else 'border-red-400 bg-red-500/10' }}">
+          {{ m }}
+        </div>
+      {% endfor %}
+    {% endwith %}
+    {% block content %}{% endblock %}
+  </main>
+
+</body>
+</html>
+

core/templates/core/home.html

@@ -0,0 +1,22 @@
+{% extends 'core/base.html' %}
+{% block title %}Home — Portal{% endblock %}
+{% block content %}
+<div class="grid md:grid-cols-2 lg:grid-cols-3 gap-6">
+<a href="/board/" class="card glass p-6 block">
+<h2 class="font-semibold text-lg">Discord Intercom</h2>
+<p class="text-white/70 text-sm">Read the channel, post (admins), status updates.</p>
+</a>
+<a href="/quotes/" class="card glass p-6 block">
+<h2 class="font-semibold text-lg">Quotes</h2>
+<p class="text-white/70 text-sm">Public estimator + admin review.</p>
+</a>
+<a href="/publish/" class="card glass p-6 block">
+<h2 class="font-semibold text-lg">Publish Once</h2>
+<p class="text-white/70 text-sm">Compose once, copy everywhere.</p>
+</a>
+<a href="/memos/" class="card glass p-6 block">
+<h2 class="font-semibold text-lg">Memos & Notes</h2>
+<p class="text-white/70 text-sm">Personal memos, notes, journal.</p>
+</a>
+</div>
+{% endblock %}

core/templates/core/login.html

@@ -0,0 +1,24 @@
+{% extends 'core/base.html' %}
+{% block title %}Login — Portal{% endblock %}
+{% block content %}
+<section class="max-w-md mx-auto">
+<div class="card glass p-6">
+<h1 class="text-2xl font-bold">Sign in</h1>
+<form method="post" action="{{ url_for('auth.login') }}" class="mt-4 space-y-4">
+<input type="hidden" name="next" value="{{ next or '/' }}">
+<div>
+<label class="text-sm text-white/70">Email or username</label>
+<input name="username" class="w-full mt-1" required>
+</div>
+<div>
+<label class="text-sm text-white/70">Password</label>
+<input type="password" name="password" class="w-full mt-1" required>
+</div>
+<div class="flex items-center gap-3">
+<button class="btn bg-accent font-semibold" type="submit">Login</button>
+<a class="text-sm underline" href="{{ url_for('auth.discord_start') }}">Sign in with Discord</a>
+</div>
+</form>
+</div>
+</section>
+{% endblock %}